How To: DNS with BIND9 on Debian – Part 2/2

This is the second part of my two part series aimed at giving prospective DNS owners a kick start with BIND9. If you haven’t already head over to Part 1 and take a look.

NOTICE: I’m presuming that BIND is already setup and working on your Debian installation. So following part 1 will be necessary if it isn’t.

Part 2 will be a tutorial on how to create and setup your own DNS zone. A DNS zone will allow you to administer your domain name or an internal domain. A zone consists of a Forward Lookup Zone and a Reverse Lookup Zone.

Forward Lookup Zone: This file will tell BIND which IP-address is associated with which DNS name. s an example, when you type in the forward lookup zone will provide you with the IP address of that domain.

Reverse Lookup Zone: The Reverse Lookup Zone is the opposite. It will return the DNS name of any given IP-Address.

Together these zones will create your DNS zone. For the sake of keeping this as simple as possible i’ll be working with the domain name: test.local

Setting up a Master DNS zone with BIND 9

Creating a Forward Lookup Zone

Let start by configuring our Forward Lookup Zone configuration file. First we take the example file and rename it. Then we populate it with our own data. Remember to give the Zone file a name that represents the domain it will be representing. In my case I called it db.test.local

cp /etc/bind/db.local /etc/bind/db.test.local

Now open the Zone file in your favourite text editor.

vim /etc/bind/db.test.local

The file should look like this:

  ; BIND data file for local loopback interface
  $TTL    604800
  @       IN      SOA     localhost. root.localhost. (
                                 2         ; Serial
                            604800         ; Refresh
                             86400         ; Retry
                           2419200         ; Expire
                           604800 )        ; Negative Cache TTL
  @       IN      NS      localhost.
  @       IN      A
  @       IN      AAAA    ::1

Lets configure this file to represent out own domain (Remember to replace test.local with your domain name).

You will need to change the following lines:

Line 5:
localhost. to test.local.
root.localhost. to root.test.local.

Line 6:
Change the ;Serial value: It’s common practice to change the Serial value to the date the change was made followed by a value. Personally I use the following formula; DDMMYYYV. Where V is a value that starts at 0 and changes for each change made on the same day.

So the first change today would be:
Consecutive changes on the same day would be

Of course you will want to update the date month and year if you update the Zone sometime in the future.

Line 12:
localhost. to ns.test.local.

Line 13:
Change to the IP-Address of the DNS server, in my case

Line 14: we can delete the AAA record which has to do with IPv6

It should eventually look like this:

; BIND data file for local loopback interface
$TTL    604800
@       IN      SOA     test.local. root.test.local. (
                       060520139         ; Serial
                          604800         ; Refresh
                          86400         ; Retry
                         2419200         ; Expire
                         604800 )       ; Negative Cache TTL
@       IN      NS      ns1.test.local.
@       IN      A
ns1     IN      A
@       IN      MX      10      mail.test.local.
pc      IN      A
mail    IN      A
www     IN      A
samba   IN      A

On line 14 I’ve added an MX record for my mail server:@       IN      MX      10      mail.test.local.

As you can see on line 15 I’ve added my own computer to the DNS list. This will allow me to access my personal computer by using it’s DNS name – pc.test.local

You can have as many entries as you like. You could build a DNS list for every machine on your local network, so you don’t have to remember the IP address of each machine.

On line 16 to 18 I’ve written the following:

 15 mail    IN      A
 16 www     IN      A
 17 samba   IN      A

These are simple A records to designate an IP address for the various machines in the domain. These machines will now be able to be reached via their DNS name as well as their IP address.

Creating a Reverse Lookup Zone

As with the Forward lookup Zone we have an example configuration file to use as a template. So make a copy and remane the file to db.<insert the first octet of your internal network here>

As I’m on the network the first octet of my network is 192, so I named the file db.192

cp /etc/bind/db.127 /etc/bind/db.192

In its default state it will look like this:

  1 ;
  2 ; BIND reverse data file for local loopback interface
  3 ;
  4 $TTL    604800
  5 @       IN      SOA     localhost. root.localhost. (
  6                               1         ; Serial
  7                          604800         ; Refresh
  8                           86400         ; Retry
  9                         2419200         ; Expire
 10                          604800 )       ; Negative Cache TTL
 11 ;
 12 @       IN      NS      localhost.
 13 1.0.0   IN      PTR     localhost.

Now lets configure it (It’s more or less the same as the Forward Lookup Zone):

Line 5
localhost. to test.local.
root.localhost. to root.test.local.

Line 6
Change the ;serial value as explained above.

Line 12
localhost. to ns.

Line 13
1.0.0 to 10
localhost. to test.local.

We must also add a record for our machine we added in the Forward Lookup Zone at the end of this file.

21         IN            PTR          pc.test.local

The configuration file should now look like this:

  1 ;
  2 ; BIND reverse data file for local loopback interface
  3 ;
  4 $TTL    604800
  5 @       IN      SOA     test.local. root.test.local. (
  6                       060520139         ; Serial
  7                          604800         ; Refresh
  8                           86400         ; Retry
  9                         2419200         ; Expire
 10                          604800 )       ; Negative Cache TTL
 11 ;
 12 @       IN      NS      ns1.test.local.
 13 1       IN      PTR     pc.test.local.
 14 2       IN      PTR     mail.test.local.
 15 3       IN      PTR     www.test.local.
 16 4       IN      PTR     samba.test.local.

Configure BIND as the primary DNS Master for the Zone
Now that our zones are configured we can make BIND aware that they exist as well as set BIND as the primary master DNS server for this zone.

Open the following file

vim /etc/bind/named.conf.local

It will look like this:

  1 //
  2 // Do any local configuration here
  3 //
  5 // Consider adding the 1918 zones here, if they are not used in your
  6 // organization
  7 //include "/etc/bind/zones.rfc1918";

Now add the following lines to the configuration file. Remember to change test.local with your domain name:

//My Configuration

zone "test.local" {
        type master;
        file "/etc/bind/db.test.local";

zone "" {
        type master;
        notify no;
        file "/etc/bind/db.192";

The final file should look something like this:

  1 //
  2 // Do any local configuration here
  3 //
  5 // Consider adding the 1918 zones here, if they are not used in your
  6 // organization
  7 //include "/etc/bind/zones.rfc1918";
  9 //My Configuration
 11 zone "test.local" {
 12         type master;
 13         file "/etc/bind/db.test.local";
 14 };
 16 zone "" {
 17         type master;
 18         notify no;
 19         file "/etc/bind/db.192";
 20 };

I’ll explain what each of these lines mean:

Line 11:
Here we are declaring the name of the DNS zone, which is test.local.

Line 12
We define this DNS server as the primary DNS server for this zone.

Line 13
We let BIND know where the Forward Lookup Zone file is located.

Line 16
This is specifically to do with reverse lookup within the Zone (IP to Domain name). A good explanation is below: Source:

DNS has a few special cases you need to be aware of. Probably the most important of these is the domain, which is used to convert 32-bit numeric IP addresses back into domain names. This is used, for example, by Internet web servers, which receive connections from IP addresses and wish to obtain domain names to record in log files. Remember that IP addresses are written as four decimal numbers (one for each byte), separated by periods.

Line 18
notify no: Turns off the DNS NOTIFY function. I have limited understanding of this at the moment as it seems this can be disabled on newer versions of BIND. However more information can be found here which is worthwhile reading.

Line 19
We let bind know where is can find the Reverse Lookup Zone file

Restart and test BIND

/etc/init.d/bind9 restart

Now lets see if it works. Try to ping the machine we set up in the Zone – pc.test.local

Ping from the DNS server.

jack@debian:/etc/bind# ping pc.test.local
PING pc.test.local ( 56(84) bytes of data.
64 bytes from icmp_req=1 ttl=128 time=0.610 ms
64 bytes from icmp_req=2 ttl=128 time=0.599 ms
64 bytes from icmp_req=3 ttl=128 time=0.608 ms

Ping from a Windows machine on my network using the DNS server we just created.

C:UsersWin-Test>ping pc.test.local
Pinging pc.test.local [] with 32 bytes of data:
Reply from bytes=32 time=2ms TTL=128
Reply from bytes=32 time

If you are trying to ping a Windows machine you will need to disable the Windows firewall otherwise your ping request will be dropped and you won’t receive an answer.

If the ping is successful then your DNS zone is most likely setup correctly :).

Top job!


  1. sohrab says

    I am iranian and i can’t good speak English but VERY VERY VERY VERY VERY VERY VERY Tank you

    Good Luck My frind….!

  2. mpb says

    I’m normally not the guy to comment on tutorials, but after struggling with setting up a simple local dns server and going crazy with other tutorials I just wanted to thank you for writing this comprehensible tutorial!

  3. Mark Botner says

    Thanks for the article! It was very helpful. I found what I think are a couple of problems with the reverse maps.

    1) I had put the last octet in the db.128 map for each host, this wasn’t really explained above
    2) My local network is 192.168.2 and in the /etc/bind/named.conf.local file I had to have an entry like this:
    zone “” {
    type master;
    notify no;
    file “/etc/bind/db.192″;

    You had a ’0′ instead of a ’2′ and maybe that was correct for your network?

    Thanks again, a very helpful article! I now have bind working and can move away from dnsmasq which was conflicting with the network manager in Ubuntu.


  4. Morten Abildgaard says

    With regards to the zone serial: DDMMYYYV makes little sence compared to what most others use: YYYYMMDDVV.
    Otherwise, nice write up.

    • Jack Brennan says

      Hi Morten,

      Thanks for the reply.

      As i stated in the paragraph concerning the serial number, that is my personal formula for it. I find it quicker on the eye to read a date the way we would print it on a letter. I see i have written DDMMYYYV, but you will notice all the serial numbers in the sequence i list up as an example are DDMMYYYYV.

      Some places like the Red Hat Documentation only use a single number to reflect a change (i.e 1/2/3/4). Debian documentation will use YYYYMMDDVV. It’s not a critical value in the configuration file apart from letting slave nameservers know that a change had been made.


Leave a Reply

Your email address will not be published. Required fields are marked *